.htaccess file makes page load indefinitely? - .htaccess

I'm using the following .htaccess so that pages preceded by /cn/ load with http (the rest loads with https:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# http requests anything other than /cn should become https
RewriteCond %{HTTPS} off
RewriteRule !^cn(/.*)?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,NC,L,NE]
# https requests for /cn should become http
RewriteCond %{HTTPS} on
RewriteRule ^cn(/.*)?$ http://%{HTTP_HOST}%{REQUEST_URI} [R=302,NC,L,NE]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
php_value upload_max_filesize 110M
php_value post_max_size 110M
The strange thing is that the page just keeps loading forever. What could be causing this?

Related

Htaccess causes redirects chain

Recently, we switched from www.example.deto www.example.com/de. Unfortunately some minor and bigger issue occurred with the .htaccess.
Issue
Redirect chain
www.example.de/path redirects to www.example.com/de/path an then to www.example.com/de/path/
How do I remove the unecessary redirect?
Every blog article gets redirected to http and then to https.
https://www.example.de/blog/article redirects to http://example.com/blog/article/ then to https://example.com/blog/article/ and finally to https://example.com/de/blog/article/
The redirect to http only occurs for the blog. The rest off the website doesnt redirect to http.
It seems to me that the htaccess is ignored by requests to the blog. I don`t know what I did wrong!
htaccess www.example.de:
SetEnv PHPRC /home/customer/www/example.de/public_html/php.ini
RewriteEngine on
RewriteRule ^(.*)$ https://www.example.com/de/$1 [R=301,L]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
htaccess www.example.com/de:
SetEnv PHPRC /home/customer/www/example.com/public_html/php.ini
# BEGIN rlrssslReallySimpleSSL rsssl_version[5.1.0]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Possible Solution
Can I add this to solve the Issue with the trailing slash?
RewriteCond %{REQUEST_URI} /(.+)/$
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ https://www.example.com/%1 [R=301,L]

Can't redirect http requests to https

Hello I want to redirect my http requests to https. I add some code to .htaccess but still I can access to my website with http. What's wrong and what should I do?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
</IfModule>
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteOptions inherit
Header set content-Security-Policy: upgrade-insecure-requests
With your shown attempts, could you please try following htaccess rues set. Since you are using inherit option for Rules, so in case you want to apply https in all URLs then better put your htpps rules in your BASE(very first level folder wise) htaccess file and we need not to put them here, if you want to only apply https to URLs which are covered here then use following style rules.
Please make sure to clear your browser cache before testing your URLs.
<IfModule mod_rewrite.c>
RewriteOptions inherit
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
</IfModule>
Header set content-Security-Policy: upgrade-insecure-requests
The following code redirect any URL of your domain to HTTPS version and set HSTS:
#Redirect HTTP a HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#HSTS
<if "%{HTTPS} == 'on'">
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</if>

Redirect HTTP to HTTPS on each and every page of website

I finally installed SSL on my website www.giftdays.jp. it works flawlessly.
It shows green padlock "secured" like I wished for.
But the problem is it only shows on main page. Whenever I access other page such as product page and all, green padlock is gone, and just shows exclamation inside circle. ( It doesn't show NOT SECURED WITH CROSSED HTTPS) .
After opening inspects from chrome, I get MIXED CONTENT error .
This is the exact error.
"Mixed Content: The page at 'https://www.giftdays.jp/products/list.php?mode=search&sps=5' was loaded over HTTPS, but requested an insecure image 'http://www.giftdays.jp/special/list_header/happywedding/images/happywedding.png'. This content should also be served over HTTPS."
Though my site is loaded on HTTPS , why isn't it showing green padlock?
By googling and all, I ended up in stack with someone posting some htaccess post which i added on my htaccess and uploaded on server. Code I added was :
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Yet no changes on other pages of website.
This is what`s inside my htaccess file :
# 基本は SC_Initial.php で設定するが、ini_setで反映されないものはここで設定する
php_value mbstring.language Japanese
php_flag mbstring.encoding_translation off
php_value output_handler none
php_flag magic_quotes_gpc off
php_flag session.auto_start 0
# INI_ALL なのにもかかわらず, ini_set で指定しても反映されない環境がある...
php_value mbstring.internal_encoding UTF-8
# デフォルトテンプレートの状態で 2M 近くになるため
php_value upload_max_filesize 5M
#php_value post_max_size 8M
php_flag register_globals off
RewriteEngine on
Options -Indexes
###################
# メンテナンス中
###################
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/503.php
RewriteCond %{REQUEST_URI} !^/maintenance.html
RewriteCond %{REQUEST_URI} !^/Gds1q2w3eAdmin/
RewriteCond %{REQUEST_URI} !^/user_data/
RewriteCond %{REMOTE_ADDR} !=114.179.83.200
RewriteCond %{REMOTE_ADDR} !=54.250.233.6
RewriteCond %{TIME_YEAR}%{TIME_MON}%{TIME_DAY}%{TIME_HOUR}%{TIME_MIN} >201403311500
RewriteCond %{TIME_YEAR}%{TIME_MON}%{TIME_DAY}%{TIME_HOUR}%{TIME_MIN} <201406011000
RewriteRule ^.*$ /503.php [L]
###################
# 通常使用
###################
RewriteRule ^guide/(.*)$ user_data/guide/$1
RewriteRule ^products/shop_map.php user_data/products/shop_map.php
RewriteRule ^concierge/.* user_data/concierge/$1
RewriteRule ^original/(.*)$ user_data/original_catalog/$1
RewriteRule ^gift/(.*)$ user_data/gift/$1
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#商品ページのURL書き換え
RewriteRule ^gifts/([0-9]+)/$ products/detail.php?product_id=$1 [QSA,L]
RewriteRule ^gifts/([0-9]+)/shop_map.php user_data/products/shop_map.php
#カタログページのURL書き換え
RewriteRule ^catalog/price-([0-9]+)/$ user_data/catalog/list.php?catalog_type_id=1&catalog_id=$1 [QSA,L]
RewriteRule ^catalog/theme-([0-9]+)/$ user_data/catalog/list.php?catalog_type_id=2&catalog_id=$1 [QSA,L]
RewriteRule ^catalog/(.*)$ user_data/catalog/$1
#有効性テスト用
# Redirect /api/ http://www.google.com
#Pマーク指摘対応
RewriteCond %{REQUEST_URI} .*/contact/.*$ [OR]
RewriteCond %{REQUEST_URI} .*/entry/.*$ [OR]
RewriteCond %{REQUEST_URI} .*/gift/.*$ [OR]
RewriteCond %{REQUEST_URI} .*/mypage/.*$
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^(www\.)?giftdays.jp$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# 404ページ
ErrorDocument 404 /user_data/404.php
Upon investigating more, I found some http inside my templates folder inside ftp. But they are like in many 100+ I guess.Should i go inside one by one and change all to https or is there anything I could do to change all at once?
Thank you
When setting up Apache to send an http request to https, you can't use the rewrite engine. You have to use the Redirect directive.
Probably you already have two VirtualHost blocks setup for http and https. Any request arriving on the http VirtualHost should be redirected to the https URL.

How to modify this .htaccess to make only the pages preceded by /cn/ insecure (http)?

So right now my site looks like this:
https://www.example.com
It has many languages:
https://www.example.com/es
https://www.example.com/hk
(etc...)
How do I modify the following .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
php_value upload_max_filesize 110M
php_value post_max_size 110M
so that only paegs with /cn/ preceding them are insecure? (http instead of https) Example:
http://www.example.com/cn/
http://www.example.com/cn/subpage/
You can use:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# http requests anything other than /cn should become https
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/cn(/.*)?\s [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,NC,L,NE]
# https requests for /cn should become http
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} /cn(/.*)?\s [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=302,NC,L,NE]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
php_value upload_max_filesize 110M
php_value post_max_size 110M

.htaccess - infinite loop

I'm getting an infinite loop on this site - http://www.salesmelbourne.com
below is the .htaccess and I know the problem is in the last 4 lines - well I think so - can some offer some advice... thx
php_value session.gc_maxlifetime 259200
php_flag register_globals off
php_flag zlib.output_compression on
php_flag output_compression_level 6
<Files *>
Header set Cache-Control: "private, pre-check=0, post-check=0, max-age=0"
Header set Expires: 0
Header set Pragma: no-cache
</Files>
# File Upload 25MB
php_value post_max_size 20M
php_value upload_max_filesize 20M
php_value max_execution_time 1000
# use utf-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8
# force utf-8 for a number of file formats
AddCharset utf-8 .html .css .js .xml .json .rss .php
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) http://www.%{HTTP_HOST}/$1 [R=301,L]
# Internally redirect all pages to index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/ajax/pages/(.*)$ /www/ajax/pages/404_error.php [R=301]
RewriteRule . index.php [L]
# Internally redirect all pages to index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/ajax/pages/(.*)$ /www/ajax/pages/404_error.php [R=301]
RewriteRule . index.php [L]
What line #2 (from the end) does? It is not suppose to work anyway, since URL pattern in RewriteRule starts with NO leading slash, but you have it there (^/ajax/pages/(.*)$).
Since I do not know how that particular rule is expected to be working, there are 2 possible solutions (both will work -- it's all about the aforementioned line -- does it need those 2 conditions to function properly or not):
# I have no idea how this rule is supposed to work, but assume it's the way to go
RewriteRule ^ajax/pages/(.*)$ /www/ajax/pages/404_error.php [R=301]
# Internally redirect all pages to index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]
or like this (if those conditions are important for that rule)
# I have no idea how this rule is supposed to work, but assume it's the way to go
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ajax/pages/(.*)$ /www/ajax/pages/404_error.php [R=301]
# Internally redirect all pages to index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]

Resources